[Freeipa-devel] [PATCHES] SPEC: Require python2 version of sssd bindings

Tomas Babej tbabej at redhat.com
Wed Mar 18 12:15:26 UTC 2015 


On 03/18/2015 01:10 PM, Alexander Bokovoy wrote:
> On Wed, 18 Mar 2015, Tomas Babej wrote:
>>
>>
>> On 03/12/2015 01:58 PM, Alexander Bokovoy wrote:
>>> On Thu, 12 Mar 2015, Alexander Bokovoy wrote:
>>>> On Thu, 12 Mar 2015, Petr Vobornik wrote:
>>>>> On 03/06/2015 03:13 PM, Alexander Bokovoy wrote:
>>>>>> On Fri, 06 Mar 2015, Lukas Slebodnik wrote:
>>>>>>> On (05/03/15 16:20), Petr Vobornik wrote:
>>>>>>>> On 03/05/2015 11:23 AM, Lukas Slebodnik wrote:
>>>>>>>>> On (05/03/15 08:54), Petr Vobornik wrote:
>>>>>>>>>> On 02/27/2015 09:50 PM, Lukas Slebodnik wrote:
>>>>>>>>>>> ehlo,
>>>>>>>>>>>
>>>>>>>>>>> Please review attached patches and fix freeipa in fedora 22 
>>>>>>>>>>> ASAP.
>>>>>>>>>>>
>>>>>>>>>>> I think the most critical is 1st patch
>>>>>>>>>>>
>>>>>>>>>>> sh$ git grep "SSSDConfig"  | grep import
>>>>>>>>>>> install/tools/ipa-upgradeconfig:import SSSDConfig
>>>>>>>>>>> ipa-client/ipa-install/ipa-client-automount:import SSSDConfig
>>>>>>>>>>> ipa-client/ipa-install/ipa-client-install: import SSSDConfig
>>>>>>>>>>>
>>>>>>>>>>> BTW package python-sssdconfig is provides since 
>>>>>>>>>>> sssd-1.10.0alpha1
>>>>>>>>>>> (2013-04-02)
>>>>>>>>>>> but it was not explicitely required.
>>>>>>>>>>>
>>>>>>>>>>> The latest python3 changes in sssd (fedora 22) is just a 
>>>>>>>>>>> result of
>>>>>>>>>>> negligent
>>>>>>>>>>> packaging of freeipa.
>>>>>>>>>>>
>>>>>>>>>>> LS
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Fedora 22 was amended.
>>>>>>>>>>
>>>>>>>>>> Patch 1: ACK
>>>>>>>>>>
>>>>>>>>>> Patch 2: ACK
>>>>>>>>>>
>>>>>>>>>> Patch3:
>>>>>>>>>> the package name is libsss_nss_idmap-python not
>>>>>>>>>> python-libsss_nss_idmap
>>>>>>>>>> which already is required in adtrust package
>>>>>>>>> In sssd upstream we decided to rename package
>>>>>>>>> libsss_nss_idmap-python to
>>>>>>>>> python-libsss_nss_idmap according to new rpm python guidelines.
>>>>>>>>> The python3 version has alredy correct name.
>>>>>>>>>
>>>>>>>>> We will rename package in downstream with next major release 
>>>>>>>>> (1.13).
>>>>>>>>> Of course it we will add "Provides: libsss_nss_idmap-python".
>>>>>>>>>
>>>>>>>>> We can push 3rd patch later or I can update 3rd patch.
>>>>>>>>> What do you prefer?
>>>>>>>>>
>>>>>>>>> Than you very much for review.
>>>>>>>>>
>>>>>>>>> LS
>>>>>>>>>
>>>>>>>>
>>>>>>>> Patch 3 should be updated to not forget the remaining change in
>>>>>>>> ipa-python
>>>>>>>> package.
>>>>>>>>
>>>>>>>> It then should be updated downstream and master when 1.13 is 
>>>>>>>> released in
>>>>>>>> Fedora, or in master sooner if SSSD 1.13 becomes the minimal 
>>>>>>>> version
>>>>>>>> required
>>>>>>>> by master.
>>>>>>>
>>>>>>> Fixed.
>>>>>>>
>>>>>>> BTW Why ther is a pylint comment for some sssd modules
>>>>>>> I did not kave any pylint problems after removing comment.
>>>>>>>
>>>>>>> ipalib/plugins/trust.py:32:    import pysss_murmur #pylint: 
>>>>>>> disable=F0401
>>>>>>> ipalib/plugins/trust.py:38:    import pysss_nss_idmap #pylint:
>>>>>>> disable=F0401
>>>>>>>
>>>>>>>
>>>>>>> And why are these modules optional (try except)
>>>>>> Because they are needed to properly load in the case trust 
>>>>>> subpackages
>>>>>> are not installed, to generate proper messages to users who will try
>>>>>> these commands, like 'ipa trust-add' while the infrastructure is 
>>>>>> not in
>>>>>> place.
>>>>>>
>>>>>> pylint is dumb for such cases.
>>>>>>
>>>>>>
>>>>>
>>>>> Alexander, the point was not to require python_nss_idmap and 
>>>>> python-sss-murmur on ipa clients?
>>>> Pylint is not used on ipa clients. The import statements do protection
>>>> against failed import and that's what we use on the client side.
>>>>
>>>>> If so python-sss-murmur should be required only by trust-ad 
>>>>> package and not python package (patch2). And patch 3 (adding 
>>>>> libsss_nss_idmap-python to python package)  should not be used.
>>>> We already have dependencies in trust-ad subpackage:
>>>> %package server-trust-ad
>>>> Summary: Virtual package to install packages required for Active 
>>>> Directory trusts
>>>> Group: System Environment/Base
>>>> Requires: %{name}-server = %version-%release
>>>> Requires: m2crypto
>>>> Requires: samba-python
>>>> Requires: samba >= %{samba_version}
>>>> Requires: samba-winbind
>>>> Requires: libsss_idmap
>>>> Requires: libsss_nss_idmap-python
>>>>
>>>> However, we don't ship the original plugins in this package because
>>>> otherwise you wouldn't be able to use 'ipa trust*' from any machine
>>>> other than those where trust-ad subpackage is installed. That's why we
>>>> use import statements and catch the import exceptions.
>>> Sent too early.
>>>
>>> ... and python-sss-murmur shoudl be required by trust-ad subpackage,
>>> yes.
>>>
>>
>> So what is the resolution here? Can we push patches 1 & 2?
> ACK to patches 1 and 2.

Pushed to master: 6ce47d86db77373b15bb62a92b22dd2accc74b37

More information about the Freeipa-devel mailing list